(Msg. 1) Posted: Wed Nov 07, 2007 10:05 pm
Post subject: ulimit. Archived from groups: comp>os>linux>security

How can I (being root) prevent other users from changing their ulimit?
I know this is possible in UNIX, but I'm not sure about Linux (i.e.
Slackware, SUSE). By the way, how would I do it in UNIX? (i.e.
Solaris, Darwin, or FreeBSD)
(Msg. 2) Posted: Wed Nov 07, 2007 11:09 pm
Post subject: Re: ulimit. Archived from groups: per prev. post

Steven Borrelli wrote:

> How can I (being root) prevent other users from changing their ulimit?
> I know this is possible in UNIX, but I'm not sure about Linux ....

You can't prevent them from changing the limits; you can only impose a
"cap" (a hard limit) on how much of the system resources any user can use.
A user process can still change (lower, for example) its own limits.

*How* you do this, be it on a commercial Unix system, Linux of whatever
flavour, or a *BSD system, seems to me to be implementation specific.
See the "limits" manual page on Slackware (and other, perhaps?) Linux
systems for an example of one possibility.

I hope this helps ...

--
----------------------------------------------------------------------
Sylvain Robitaille syl.RemoveThis@alcor.concordia.ca
Systems and Network analyst Concordia University
Instructional & Information Technology Montreal, Quebec, Canada
----------------------------------------------------------------------
(Msg. 3) Posted: Thu Nov 08, 2007 7:47 am
Post subject: Re: ulimit. Archived from groups: per prev. post

On Thu, 08 Nov 2007, in the Usenet newsgroup comp.os.linux.security, in article
<1194494735.248243.325540 RemoveThis @d55g2000hsg.googlegroups.com>, Steven Borrelli wrote:

NOTE: Posting from groups.google.com (or some web-forums) dramatically
reduces the chance of your post being seen. Find a real news server.
And please don't post the same question to multiple newsgroups.

>How can I (being root) prevent other users from changing their ulimit?

You can't. They can _reduce_ their limits, or increase them up to
the limits you set, but it's not easy to prevent anyone from changing
them below those maximum limits.

>I know this is possible in UNIX, but I'm not sure about Linux (i.e.
>Slackware, SUSE). By the way, how would I do it in UNIX? (i.e.
>Solaris, Darwin, or FreeBSD)

It's a _shell_ function, not an O/S. You're probably running a Bourne
type shell (sh, bash, ksh, or similar), and for that the built-in
command is 'ulimit'. For a 'c' type shell (csh, tcsh, and similar),
the command is 'limit'.

Limits are set in a login shell - so if you are using a text based
login and a Bourne shell, use /etc/profile. If using a 'csh' shell,
use ~/.login in the user's home directory. If using a 'tcsh' shell,
see the man page, as things vary as a function of how the shell is
compiled. For a _GUI_ login (runlevel 5 in a Linux Standard Base
compliant distribution)[1], you need to look at the man page for the
display manager used (gdm, kdm, wdm, xdm, etc.) as they usually
do NOT use a shell as the place to set things - .xinitrc, .xsession,
or similar - often in the user's home directory. For those files
that set the limits but are located _in_ the user's home directory,
you need to change ownership of that/those files to root:root, and
set the 'sticky bit' on the directory itself (chmod 1750 /home/mumble)
so that only the file _owner_ can delete the file.

Bottom line - see the man page for the shell used, and read the
sections about limits and shell invocation.

Old guy

[1] Mandriva 2008 is an exception. The GUI login shell scripts source
~/.bash_profile - which isn't much good in a 'csh' environment, but is
a start.
(Msg. 4) Posted: Sat Nov 10, 2007 11:22 am
Post subject: Re: ulimit. Archived from groups: per prev. post

Steven Borrelli wrote:

> How can I (being root) prevent other users from changing their ulimit?
> I know this is possible in UNIX, but I'm not sure about Linux (i.e.
> Slackware, SUSE). By the way, how would I do it in UNIX? (i.e.
> Solaris, Darwin, or FreeBSD)

For Linux

man limits.conf

limits.conf lives in /etc/security usually.
It applies (or could apply, depending on configuration) to any user.
It's not dependent on shell. You can use the shell ulimit command to
change soft limits, like a previous poster said, but hard limits are
absolute maximums.
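
Added example, not part of any post in this thread: a POSIX shell sketch of the soft/hard limit behaviour the replies describe, using the open-files limit (ulimit -n). The values 64/128/256, the helper names, and the "students" group in the comment are assumptions chosen for illustration.

```shell
#!/bin/sh
# Added example: soft vs. hard limit semantics for open files (ulimit -n).
# Everything runs in a subshell, so the calling shell keeps its own limits.
# The numbers 64/128/256 are arbitrary and assume the current hard limit
# is at least 128 (typical defaults are 1024 or more).
#
# A system-wide cap would come from /etc/security/limits.conf, e.g. this
# constructed line for a hypothetical group "students":
#   @students  hard  nofile  128

# try LABEL ARGS...: run "ulimit ARGS" and report whether it was accepted.
try() {
    label=$1; shift
    if ulimit "$@" 2>/dev/null; then
        echo "$label=allowed"
    else
        echo "$label=denied"
    fi
}

limit_demo() (
    # Lower the soft limit first, then the hard limit (the cap); a hard
    # limit below the current soft limit would be rejected.
    ulimit -S -n 64  || exit 1
    ulimit -H -n 128 || exit 1
    echo "soft=$(ulimit -S -n) hard=$(ulimit -H -n)"

    # A user may raise the soft limit again, up to the hard limit.
    try soft_to_cap -S -n 128

    # A soft limit above the hard limit is invalid for everyone.
    try soft_above_cap -S -n 129

    # Raising the hard limit needs privilege (CAP_SYS_RESOURCE on Linux),
    # so for an ordinary user the cap only ever moves downward.
    try raise_hard -H -n 256
)

limit_demo
```

Run as an ordinary user, the last line reads raise_hard=denied; the limits of the shell that called limit_demo are unchanged afterwards.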